Security Advisory: Multiple Vulnerabilities in Jira Server and Service Desk

Published: 2019-09-23

● Vulnerability IDs and severity


CVE ID: CVE-2019-14994, Severity: High, CVSS score: 7.5

CVE ID: CVE-2019-15001, Severity: Critical, CVSS score: 7.2


● Affected versions


CVE-2019-14994

Affected Jira Service Desk Server and Jira Service Desk Data Center Versions

version < 3.9.16

3.10.0 <= version < 3.16.8

4.0.0 <= version < 4.1.3

4.2.0 <= version < 4.2.5

4.3.0 <= version < 4.3.4

4.4.0 <= version < 4.4.1


CVE-2019-15001

Affected Jira Server & Jira Data Center Versions

starting with 7.0.10

7.1.x

7.2.x

7.3.x

7.4.x

7.5.x

7.6.x before 7.6.16 (the fixed version for 7.6.x)

7.7.x

7.8.x

7.9.x

7.10.x

7.11.x

7.12.x

7.13.x before 7.13.8 (the fixed version for 7.13.x)

8.0.x

8.1.x before 8.1.3 (the fixed version for 8.1.x)

8.2.x before 8.2.5 (the fixed version for 8.2.x)

8.3.x before 8.3.4 (the fixed version for 8.3.x)

8.4.0
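
The version boundaries listed above can be turned into an inventory check. This is an added example, not part of the original advisory or any Atlassian tooling; the function names and the sample inventory are assumptions made for illustration, and only the version boundaries come from this page.

```python
import re

def parse(v):
    """'4.2.5' -> (4, 2, 5); a missing patch component is treated as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognized version: {v!r}")
    return tuple(int(p or 0) for p in m.groups())

# CVE-2019-14994 (Jira Service Desk): half-open ranges [low, first fixed), as listed above.
JSD_RANGES = [
    ("0.0.0", "3.9.16"), ("3.10.0", "3.16.8"), ("4.0.0", "4.1.3"),
    ("4.2.0", "4.2.5"), ("4.3.0", "4.3.4"), ("4.4.0", "4.4.1"),
]

# CVE-2019-15001 (Jira Server / Data Center): listed from 7.0.10 up to 8.4.0,
# with a fixed release named for some branches.
JIRA_FIRST_AFFECTED, JIRA_LAST_LISTED = "7.0.10", "8.4.0"
JIRA_FIXED = {(7, 6): "7.6.16", (7, 13): "7.13.8",
              (8, 1): "8.1.3", (8, 2): "8.2.5", (8, 3): "8.3.4"}

def jsd_affected(version):
    v = parse(version)
    return any(parse(lo) <= v < parse(hi) for lo, hi in JSD_RANGES)

def jira_affected(version):
    v = parse(version)
    if v < parse(JIRA_FIRST_AFFECTED) or v > parse(JIRA_LAST_LISTED):
        return False  # outside the versions this advisory lists
    fixed = JIRA_FIXED.get(v[:2])
    return fixed is None or v < parse(fixed)  # branches with no fix named are fully listed

def triage(inventory):
    """inventory: iterable of (name, product, version); product is 'jsd' or 'jira'."""
    checks = {"jsd": ("CVE-2019-14994", jsd_affected),
              "jira": ("CVE-2019-15001", jira_affected)}
    findings = []
    for name, product, version in inventory:
        cve, check = checks[product]
        if check(version):
            findings.append((name, cve))
    return findings

# Constructed sample inventory (host names and versions are made up for illustration).
SAMPLE = [("helpdesk-1", "jsd", "4.2.4"), ("helpdesk-2", "jsd", "4.4.1"),
          ("tracker-1", "jira", "7.13.7"), ("tracker-2", "jira", "8.3.4")]

if __name__ == "__main__":
    for name, cve in triage(SAMPLE):
        print(f"{name}: listed as affected by {cve}")
```

A version string that does not match `major.minor[.patch]` raises `ValueError` rather than being silently classified, so unusual build labels get reviewed by hand.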


● Vulnerability overview


Atlassian has released security updates for Jira Server and Service Desk that fix two security vulnerabilities.


CVE-2019-14994


Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center are both products of the Australian company Atlassian. Atlassian Jira Service Desk Server is the server edition of an IT service desk and request tracking system, used mainly to receive, track and manage requests from a team's customers. Atlassian Jira Service Desk Data Center is the data center edition of Atlassian Jira Service Desk.


Customer Context Filter is one of its context filters. The Customer Context Filter in Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center contains a path traversal vulnerability. The vulnerability stems from the network system or product failing to correctly filter special elements in resource or file paths. An attacker can use this vulnerability to view all Jira projects in the target instance, including Service Desk projects, Jira Core projects and Jira Software projects.


Researchers report that more than 25,000 vulnerable instances are exposed on the internet, belonging to the healthcare, government, education and manufacturing sectors, among others.


CVE-2019-15001


Atlassian JIRA Server and Atlassian JIRA Data Center are both products of the Australian company Atlassian. Atlassian JIRA Server is the server edition of a defect tracking and management system, used mainly to track and manage the various issues and defects that arise in day-to-day work. Atlassian JIRA Data Center is the data center edition of Atlassian JIRA.


Jira Importers Plugin (JIM) is one of its file/data import plugins. The Jira Importers Plugin in Atlassian JIRA Server and Atlassian JIRA Data Center contains an injection vulnerability. The vulnerability arises when user input is used to construct commands, data structures or records: the network system or product lacks correct validation of user-supplied data and does not filter, or does not correctly filter, the special elements in it, causing the system or product to parse or interpret the input incorrectly.


● Vulnerability verification


No PoC/exploit is available at this time.


● Remediation


The vendor has released upgrade patches that fix the vulnerabilities. Download links:

https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-18-976171274.html

https://confluence.atlassian.com/jira/jira-security-advisory-2019-09-18-976766250.html


● References


https://www.bleepingcomputer.com/news/security/jira-server-and-service-desk-fix-critical-security-bugs/